Resources and services exist to store and maintain information about known cybersecurity threats (attackers and hosts that have been compromised). This provides a large list of dynamic information that is, in most cases, too much information to be brought in its entirety to enterprise network endpoints. This information also iterates or changes frequently. The challenge is to determine how relevant subsets of that information can be brought into the network to maximize protection given limited memory and processing capability at security enforcement points.